Security/Meetings/Automation/2013-12-10
From MozillaWiki
< Security | Meetings | Automation
Agenda
- status updates
- dsicussions
- london updates
Status Updates
- freddyb:
- vector mutation in escape-artist (entities, whitespaces, breakout-strings)
- xss bookmarklet :) at http://mozfreddyb.github.io/escape-artist/xss_bookmarklet.html
- csp@mozilla worries
- jeff
- psiinon
- Potential DHS funding of ZAP re SWAMP http://continuousassurance.org/wp-content/uploads/2013/10/SWAMP-VISION-10.28.13.pdf
- Draft Zest blog post: https://mana.mozilla.org/wiki/display/SECURITY/Draft+blog+post%3A+Zest
- mgoodwin
- Working on events interception - got some bugs to iron out
- Looking at 'record' functionality; currently evaluating selenium and a hacked-up TogetherJS (the latter exposed a bunch of errors in my event interception work - so I'm fixing those too)
- ulfr
- MIG crypto model in progress (go.crypto/openpgp)
- stefan
- Installed dchan's EV plugin on minion-dev - worked first try .. !!
- Will try to push out a minion plugin for ulfr's SSL checks
- dchan
- no update
- yvan
- CEF Logging - still a good approach?
- tinfoil